Example certificates for X.509 Contacts app.

samples/contacts/certificates/Readme.txt

@@ -0,0 +1,38 @@
+
+This directory contains some example certificates for the X.509 version of the contacts
+application. They have all been generated using openssl with a demo certificate authority.
+The password for all the files is "password"
+
+- marissa.p12 is a pkcs12 file containing the client certificate and private key for
+the user marissa, and should be imported into your browser.
+
+- server.p12 is a pkcs12 file containing a server certificate and private key.
+
+- ca.jks is a java keystore file[1] containing the CA public certificate. This is used as
+the trust store for the server to indicate which client certificates are valid.
+
+The app has been tested in JBoss 3.2.7 (Tomcat 5.0) using the following configuration for
+the connector:
+
+  <!-- SSL/TLS Connector configuration -->
+  <Connector port="8443" address="${jboss.bind.address}"
+       maxThreads="100" minSpareThreads="2" maxSpareThreads="10"
+       scheme="https" secure="true"
+       sslProtocol = "TLS"
+       clientAuth="want" keystoreFile="${jboss.server.home.dir}/conf/server.p12"
+       keystoreType="PKCS12" keystorePass="password"
+       truststoreFile="${jboss.server.home.dir}/conf/ca.jks"
+       truststoreType="JKS" truststorePass="password"
+    />
+
+To try out the application, first get the server running with client authentication enabled.
+
+
+
+
+[1] This was origially also a pkcs12 file. However I couldn't get tomcat to work with
+it unless it contained the CA's private key as well as the certificate, which is obviously
+not feasible. If anyone works out how to get Tomcat to work with a pkcs12 file containing
+a single certificate, then please let me know.
+
+$Id$